Threat
Hackers try to breach eCommerce points or on-line payment services to get credit card information. There is a limited window of time within which the cyber-criminal needs to cash-out or launder the money before the holder of the card will nullify it. These methods may help the victim to prepare and be more vigilant with their credit transactions feeds.Exploitation
Cyber-criminal will cash-out for example with following ways:- Selling credit card numbers on underground markets. There are tens of thousand stolen credit card info traded daily. Price is normally few dollars per card.
- Using card information to buy easily sellable devices like iPhones, Macbooks, etc. The thief normally distributes purchases to separate cards and separate orders.
- Buying Amazon, Baidu, Alibaba or Walmart gift cards, which are easy to sell forward.
- Using Uber or Airbnb service providers for fraudulent payments. Criminal buys fake services from their partner Uber driver or Airbnb renter, who will get payment of this fictitious journey or lodging.
Protection
The following general advice may apply:
- Do not give the card details to unknown online commerce sites but use banks or PayPal services instead.
- Do not click email links appearing your bank, credit card company or other business. These organisations do not approach you asking your details, but it may be phishing attempt to get your details.
- Use a strong password in any account that has your credit details (Amazon, Souq, etc.)
- Follow feeds that inform about credit information breaches.
- Follow closely your credit card events and seek odd transactions.
- Be quick in cancelling your card even if just a hint of suspicion.
References
- https://www.bbc.com/news/technology-44355153
- https://www.thebalance.com/ways-avoid-credit-card-fraud-960797